Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About NickWatson
NickWatson
Comes here often
Member since Jun 20, 2023
Nov 1 2023
Community Record
4
Posts
0
Kudos
0
Solutions
Oct 11 2023
8:51 AM
Tested again this morning with an expanded subnet in one of the server ranges and still have same issue. I did verify I can ping the web server by IP and name from a local subnet but cannot access the IIS content, can remote to the server (from a server subnet) and can ping out from the web servers to 8.8.8.8 and google.com BUT I cannot access them from a browser on the server. Adding the allows/denies in place on the VLANs. I have to troubleshoot in the early AM so the deny alls are not in place at this time. With what I have below, it works. When I add the denies, it breaks.
... View more
Oct 10 2023
8:43 AM
I have 122 ACLs in place but sending the last 30 or so for review. Please let me know if you need them all. This is all working as expected from internal VLANs the only issue is from external and only when I do a deny all at the end. Just curious of any missing logic as it applies to that. I think the DNS might be one of the issues, as we have Umbrella, but the IPs are not in the range at present for an allow.
... View more
Oct 10 2023
8:24 AM
Allows include that and are on the switch level due to routing and dhcp being at that level. I would rather do all controls at the Firewall but with the routing and dhcp being done on the core stack and static routing in place on the FW I have not been able to to that.
... View more
Oct 10 2023
8:17 AM
We are trying to not move our Routing and DHCP to the firewall and in keeping it on the switch level but in doing so, we need to free up ACLs for some additional functionality. So, what we have is our DMZ VLAN with allow / denys for all our internal VLANs and NAT with allowable IPs from the Cloudflare IPs on ports 80/443. But when I add a deny all, it breaks external access to the web servers and I cannot determine why. Do the external allowble IPs in NAT have to be added as well or? FW / Core stack VLANs ----- ACL allows in place for VLAN 125 9300 stack feeding servers-----ACL allows in place for VLAN 10 VMWARE----ACL allows in place for VLAN 4 Public IPs------ACL allows in place FW CORE 9300 VMWARE WEB SUBNET VLAN 125 VLAN 125 VLAN 10 VLAN 4
... View more
© 2024 Cisco Systems, Inc.
